Tag Archives: Privacy

Making Privacy Obvious to Everyone

Privacy and User agreements: We agree to them without a single thought and certainly never ever read them. Let’s start with a quick background. Since the early days of the software industry — like the days when software came in boxes — users were presented with a legal agreement to use software. It is not uncommon for the legal documents to ramble on and on for pages. All you really need to know is there’s a good chance that “you’re on your own” if you use the software.

Fast forward to the internet age. Since virtually every app or service we use today is free, software companies came up with a Privacy Agreement that basically gives them permission to use your data in unprivate ways. Monetizing user data is THE business model of the internet age so as the saying goes, “if the product is free, then you are the product.” Use Facebook, and all that data about you is used by Facebook to sell ads. Same for Google, Twitter, YouTube, and on and on. By the way this extends to “apps” like Amazon where your Shopping Cart contents are widely shared with ad networks.

If people actually realized what was going on with their privacy, they might change their behavior. There are three primary questions users should want answered by these types of agreements:

  1. Can the service provider ever read my data or is it encrypted?
  2. Where is my data stored? On my device, in the cloud, or both?
  3. Does the service provider monetize my data?

Why not come up with a simplified labeling requirement for internet service agreements? This idea could be used for ISPs, your mobile carrier, the apps you use online, and then all the way down to the search engine you use.

Each of three questions have two or three states so it’s a pretty simple iconography problem. Above is a terrible sketch of what I’m thinking. I bet with no other info, you can figure out which one is Facebook and which one is a my Alarm Clock. Put it at the top of the agreement and allow new users to read the entire agreement if they want, but at least they would get the top-level questions answered before they start using the product.

Would this idea make privacy more obvious to the masses? For the longest time if you wanted nutritional information at places like McDonald’s you had to request what was a very large foldout poster of mountains of information. I’m sure it cost McDonald’s a fortune to print and keep these things in stock in thousands of locations. Today, their menu above the counter already includes the key metric you’re mostly likely wanting to know: calories. And yes, that info has changed my behavior. I don’t get to McDonald’s often, but it’s a real drag that my favorites are obviously the worse for me as well.

Legislation might be required to get providers to make this change. I’m okay with that. Users have a right to know, and I also believe vendors have the responsibility to transparently disclose how they use my data. It was my data in the first place.

Privacy: Social Cause or Business Imperative?

Does your company have NDAs or Confidentiality Agreements? If you do, then your company understands privacy is a business imperative.

For most of us, privacy is a social cause; a way of life that protects a basic civic liberty. But online privacy isn’t just a social cause. It’s also a business imperative. And encryption is one of the easiest ways to protect our livelihood. But first back to business imperatives…

Does your company lock the front door at night? Does it have locks on personnel files? Does your company have non-disclosure agreements? Does it have confidentiality agreements for vendors and employees? Does it secure the WiFi network with a password? Do you need a password to login to email?

If you answered “Yes” to any (and I bet you answered “Yes” to all) of these questions, your workplace understands the business imperative of privacy. You don’t have to be Silicon Valley startup or Apple to be paranoid about the future of your business. These privacy policies are designed to protect the company, its assets, your stockholders, and frankly your own job and livelihood.

Let’s be honest, most businesses shouldn’t be that worried about hackers, foreign operatives, and compromised credit card records. It’s the other very real things that will more likely kill your business or/and ruin your career, things like theft, corporate espionage, ransomware, litigation from former employees, and workplace morale. Also don’t forget information leakage from BYOD, mobile, and the informality of most electronic conversations. The volumes and volumes and volumes of plain text information shared, discoverable, and hosted in the cloud will be the next gold rush for litigators. Just ask Sony or Gawker .

Yes, corporate privacy is more than IT security. It is everything the company does after it secures the network with taller walls and wider moats. Encryption of business information is the simplest and best method of protection. And many argue if your data is encrypted and unreadable by any actor, either inside or outside your network, you can always sleep at night knowing you are safe again.

Privacy is a 7×24 business imperative. We need to move away from “Do you care about privacy?” and move toward “What are you going to do today to better protect your business?”

“Yeah, we ditched Google.”

Why SpiderOak made a conscious decision to break up with Analytics

Most reports indicate Google has over 70% share of the analytics marketplace. Does that jeopardize our privacy?

After we gave it some more thought, we realized we were hypocrites. Since inception, SpiderOak has been an advocate for online privacy. Unlike many others in our market, we strive to be very clear about how our product design truly delivers Zero Knowledge privacy for our users. We tell potential supporters, what matters most is who has the keys and how they are stored. But you can read more about how we solved those problems from our many other posts our site.

For the past five years, we had been using Google Analytics for monitoring our web traffic. Innocent enough decision, right? Then we asked ourselves, “are we contributing to the mass surveillance of the web by using a feature-rich, yet free service that tracks web visitors?” Sadly. we didn’t like the answer to that question. “Yes, by using Google Analytics, we are furthering the erosion of privacy on the web.”

Most people might say, “well it’s only a cookie,” or “I don’t have anything to hide.” Yes our site is only one short stop you might make today while browsing the web, but why does Google and their advertisers need to know about it I would ask. Most of us visit scores of websites each day. The fabric behind the scenes that stitches a stunningly detailed history of your online day is Google Analytics. Even if you don’t have a Google account, or don’t stay logged into Gmail, your browsing history every single day is tracked across sites that include the JavaScript library.

So a few months ago we decided we were wrong and Google Analytics had to go.

Like lots of other companies with high traffic websites, we are a technology company; one with a deep team of software developer expertise. It took us only a few weeks to write our home-brew analytics package. Nothing super fancy yet now we have an internal dashboard that shows the entire company much of what we used analytics for anyway – and with some nice integration with some of our other systems too.

Some of us still have Gmail accounts and others keep using Chrome. Google makes good products. But where SpiderOak decided to draw the line was with the privacy of our current and soon to be customers. You deserve a choice when it comes to privacy online and we realized we could do better by not contributing to your browsing history with Google. And now that we’ve fixed that, we can sleep at night.
Be safe out there.